Lucene search

IBM33741A418EA7D99DCFC8BA3E869BC228446D329A4D8FC321E7A2E019A390912F

HistorySep 17, 2024 - 8:49 p.m.

Security Bulletin: Insufficient input validation in IBM Business Automation Workflow Center - CVE-2024-43188

2024-09-1720:49:05

www.ibm.com

ibm business automation workflow

input validation

cve-2024-43188

vulnerabilities

interim fix

cumulative fix

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

16.8%

JSON

Summary

IBM Business Automation Workflow Center is vulnerable because of insufficient user input validation.

Vulnerability Details

CVEID:CVE-2024-43188
**DESCRIPTION:**IBM Business Automation Workflow could allow a privileged user to perform unauthorized activities due to improper client side validation.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/351386 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)	Status
IBM Business Automation Workflow traditional	V24.0.0
V23.0.1 - V23.0.2
V22.0.1 - V22.0.2
V21.0.1 - V21.0.3.1
V20.0.0.1 - V20.0.0.2
V19.0.0.1 - V19.0.0.3
V18.0.0.1 - V18.0.0.3	affected

For earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product.

Remediation/Fixes

The recommended solution is to apply the Interim Fix (iFix) or Cumulative Fix (CF) containing APAR DT392433 as soon as practical.

Affected Product(s)	Version(s)	Remediation / Fix
IBM Business Automation Workflow traditional	V24.0.0	Apply DT392433
IBM Business Automation Workflow traditional	V21.0.3.1	Apply DT392433
IBM Business Automation Workflow traditional

V23.0.1 - V23.0.2
V22.0.1 - V22.0.2
V21.0.1 - V21.0.3.0
V20.0.0.1 - V20.0.0.2
V19.0.0.1 - V19.0.0.3
V18.0.0.1 - V18.0.0.3

| Upgrade to a long term support release or the latest SSCD version. See IBM Business Automation Workflow and IBM Integration Designer Software Support Lifecycle Addendum

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmbusiness_automation_workflowMatch22.0.2enterprise_service_bus

ibmbusiness_automation_workflowMatch23.0.1enterprise_service_bus

ibmbusiness_automation_workflowMatch23.0.2enterprise_service_bus

ibmbusiness_automation_workflowMatch24.0.0enterprise_service_bus

ibmbusiness_automation_workflowMatch18.0.0.0

ibmbusiness_automation_workflowMatch18.0.0.1

ibmbusiness_automation_workflowMatch18.0.0.2

ibmbusiness_automation_workflowMatch19.0.0.1

ibmbusiness_automation_workflowMatch19.0.0.2

ibmbusiness_automation_workflowMatch19.0.0.3

ibmbusiness_automation_workflowMatch20.0.0.1

ibmbusiness_automation_workflowMatch20.0.0.2

ibmbusiness_automation_workflowMatch21.0.2

ibmbusiness_automation_workflowMatch21.0.3

ibmbusiness_automation_workflowMatch22.0.1

ibmbusiness_automation_workflowMatch22.0.2

ibmbusiness_automation_workflowMatch23.0.1

ibmbusiness_automation_workflowMatch23.0.2

ibmbusiness_automation_workflowMatch24.0.0

VendorProductVersionCPE
ibmbusiness_automation_workflow22.0.2cpe:2.3:a:ibm:business_automation_workflow:22.0.2:*:*:*:enterprise_service_bus:*:*:*
ibmbusiness_automation_workflow23.0.1cpe:2.3:a:ibm:business_automation_workflow:23.0.1:*:*:*:enterprise_service_bus:*:*:*
ibmbusiness_automation_workflow23.0.2cpe:2.3:a:ibm:business_automation_workflow:23.0.2:*:*:*:enterprise_service_bus:*:*:*
ibmbusiness_automation_workflow24.0.0cpe:2.3:a:ibm:business_automation_workflow:24.0.0:*:*:*:enterprise_service_bus:*:*:*
ibmbusiness_automation_workflow18.0.0.0cpe:2.3:a:ibm:business_automation_workflow:18.0.0.0:*:*:*:*:*:*:*
ibmbusiness_automation_workflow18.0.0.1cpe:2.3:a:ibm:business_automation_workflow:18.0.0.1:*:*:*:*:*:*:*
ibmbusiness_automation_workflow18.0.0.2cpe:2.3:a:ibm:business_automation_workflow:18.0.0.2:*:*:*:*:*:*:*
ibmbusiness_automation_workflow19.0.0.1cpe:2.3:a:ibm:business_automation_workflow:19.0.0.1:*:*:*:*:*:*:*
ibmbusiness_automation_workflow19.0.0.2cpe:2.3:a:ibm:business_automation_workflow:19.0.0.2:*:*:*:*:*:*:*
ibmbusiness_automation_workflow19.0.0.3cpe:2.3:a:ibm:business_automation_workflow:19.0.0.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	business_automation_workflow	22.0.2	cpe:2.3:a:ibm:business_automation_workflow:22.0.2::::enterprise_service_bus:::
ibm	business_automation_workflow	23.0.1	cpe:2.3:a:ibm:business_automation_workflow:23.0.1::::enterprise_service_bus:::
ibm	business_automation_workflow	23.0.2	cpe:2.3:a:ibm:business_automation_workflow:23.0.2::::enterprise_service_bus:::
ibm	business_automation_workflow	24.0.0	cpe:2.3:a:ibm:business_automation_workflow:24.0.0::::enterprise_service_bus:::
ibm	business_automation_workflow	18.0.0.0	cpe:2.3:a:ibm:business_automation_workflow:18.0.0.0:::::::*
ibm	business_automation_workflow	18.0.0.1	cpe:2.3:a:ibm:business_automation_workflow:18.0.0.1:::::::*
ibm	business_automation_workflow	18.0.0.2	cpe:2.3:a:ibm:business_automation_workflow:18.0.0.2:::::::*
ibm	business_automation_workflow	19.0.0.1	cpe:2.3:a:ibm:business_automation_workflow:19.0.0.1:::::::*
ibm	business_automation_workflow	19.0.0.2	cpe:2.3:a:ibm:business_automation_workflow:19.0.0.2:::::::*
ibm	business_automation_workflow	19.0.0.3	cpe:2.3:a:ibm:business_automation_workflow:19.0.0.3:::::::*

Rows per page:

1-10 of 191

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

16.8%

JSON

Related for 33741A418EA7D99DCFC8BA3E869BC228446D329A4D8FC321E7A2E019A390912F